Make sure you post the whole log in the next post.
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: (no name) - {04164EC4-1E48-4279-818E-3721931E7636} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [X] C:\documents and settings\charmo\local settings\temp\X.exe
O4 - HKLM\..\Run: [eRl] C:\documents and settings\charmo\local settings\temp\eRl.exe
O4 - HKLM\..\Run: [ytwbhkzipnij] C:\WINDOWS\System32\tghesnd.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\ROSSHA~1\LOCALS~1\Temp\app79.tmp
O4 - HKLM\..\Run: [sGMznWfUO] C:\documents and settings\ross harmon\local settings\temp\sGMznWfUO.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Go to C:\documents and settings\ross harmon\local settings\temp and once in the folder click Edit> Select All. Then hit the delete key to get rid of the entire contents of the folder. Leave the folder itself intact though.
Go to C:\documents and settings\charmo\local settings\temp and once in the folder click Edit> Select All. Then hit the delete key to get rid of the entire contents of the folder. Leave the folder itself intact though.
Delete the following files and folders:
C:\WINDOWS\System32\tghesnd.exe
C:\WINDOWS\system32\pcs
C:\Program Files\Common Files\Dpi
Reboot and post a fresh log
__________________
Owen
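The following is an added example, not part of Owen's post or of HijackThis itself: a small triage script that parses HijackThis log lines and flags two of the patterns visible in the entries listed above, orphaned entries marked "(file missing)" or "(no file)" and O4 Run entries that launch from a per-user Temp directory. The two heuristics and the function name `triage` are assumptions made for illustration; the sample lines are copied from the post.

```python
import re

# Log lines copied from the post above (HijackThis section codes R3/O3/O4).
SAMPLE_LOG = r"""
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: (no name) - {04164EC4-1E48-4279-818E-3721931E7636} - (no file)
O4 - HKLM\..\Run: [X] C:\documents and settings\charmo\local settings\temp\X.exe
O4 - HKLM\..\Run: [ytwbhkzipnij] C:\WINDOWS\System32\tghesnd.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\ROSSHA~1\LOCALS~1\Temp\app79.tmp
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [X] C:\...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of an O4 autorun entry: registry key, value name in brackets, command.
RUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Long and 8.3 short forms of a per-user Temp directory (assumed heuristic).
TEMP_DIR = re.compile(r"\\(local settings|locals~\d)\\temp\\", re.IGNORECASE)


def triage(log_text):
    """Return a list of (section code, reason, original line) for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # headers, blank lines, wrapped text
        code, body = m["code"], m["body"]
        # HijackThis appends these markers when the referenced file is gone.
        if body.endswith(("(file missing)", "(no file)")):
            findings.append((code, "orphaned entry", line))
        run = RUN.match(body) if code == "O4" else None
        if run and TEMP_DIR.search(run["cmd"]):
            findings.append((code, "autorun from Temp", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:<3} {reason:<18} {line}")
```

The randomly named entry pointing at C:\WINDOWS\System32\tghesnd.exe is not flagged by either heuristic, so a script like this only narrows the list and does not replace a manual review of the whole log.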